To help you avoid HIPAA's hefty civil penalties, which can reach a maximum of $1.5 million per calendar year for repeated violations of the same provision, we gathered a list of common DOs and DON'Ts for staying compliant. A lot of these may seem like common sense, but they are a good reminder of how easy it is to violate HIPAA.
DO
- Train all staff on HIPAA compliance and assign each staff member only the access level their role requires.
- Ensure patient files are protected so that unauthorized persons do not have access to files.
- Store patient information only on secure, encrypted devices.
- Always lock or log off your computer when you leave your desk, even for a moment.
- Shred paper records, and securely wipe or physically destroy electronic media, before disposing of them.
- Update HIPAA documents annually, or sooner whenever a change in practice circumstances requires it.
- Promptly provide medical records when patients request them; HIPAA requires a response within 30 days.
- Ensure all forms have the proper signatures on them.
- Disclose only the minimum necessary information, even to people who are authorized to access patient data.
- Use a cover sheet when faxing health records.
- Notify the affected patients and the Department of Health & Human Services (HHS) should a breach occur; individual notices are due without unreasonable delay and no later than 60 days after discovery.
DON’T
- Text patient information – we all hope our phones will never get lost or stolen, but it happens.
- Email private information unless it is sent over an encrypted connection.
- Snoop through records when it is not necessary or requested – this includes looking at your own or your family's records!
- Release information to unauthorized persons.
- Release information to the wrong patient.
- Discuss health information of patients in public areas.
- Leave patient information over an answering machine.
- Release information about a minor without the permission of the parent or guardian.
This is not a definitive list; always consult a HIPAA compliance attorney with any questions you might have.
Do you want to cut down your dental supply costs by 20%? Sign up now at mywazu.com